{{- define "resources_argocd-repo-server" }}
cpu: 50m
memory: 100Mi
{{- end }}

{{- define "resources_werf-argocd-cmp-sidecar" }}
cpu: 50m
memory: 100Mi
{{- end }}

{{- if (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
  name: argocd-repo-server
  namespace: d8-{{ .Chart.Name }}
  {{- include "helm_lib_module_labels" (list . (dict "app" "argocd-repo-server")) | nindent 2 }}
spec:
  targetRef:
    apiVersion: "apps/v1"
    kind: Deployment
    name: argocd-repo-server
  updatePolicy:
    updateMode: "Auto"
  resourcePolicy:
    containerPolicies:
    - containerName: werf-argocd-cmp-sidecar
      minAllowed:
        {{- include "resources_werf-argocd-cmp-sidecar" . | nindent 8 }}
      maxAllowed:
        cpu: 100m
        memory: 200Mi
    - containerName: argocd-repo-server
      minAllowed:
        {{- include "resources_argocd-repo-server" . | nindent 8 }}
      maxAllowed:
        cpu: 1
        memory: 1Gi
{{- end }}
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: argocd-repo-server
  namespace: d8-{{ .Chart.Name }}
  {{- include "helm_lib_module_labels" (list . (dict "app.kubernetes.io/name" "argocd-repo-server" "app" "argocd-repo-server")) | nindent 2 }}
spec:
  maxUnavailable: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-repo-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  {{- include "helm_lib_module_labels" (list . (dict "app.kubernetes.io/component" "repo-server" "app.kubernetes.io/name" "argocd-repo-server" "app.kubernetes.io/part-of" "argocd" "app" "argocd-repo-server")) | nindent 2 }}
  name: argocd-repo-server
  namespace: d8-{{ .Chart.Name }}
spec:
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-repo-server
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argocd-repo-server
        app: argocd-repo-server
    spec:
      {{- include "helm_lib_node_selector" (tuple . "system") | nindent 6 }}
      {{- include "helm_lib_tolerations" (tuple . "system") | nindent 6 }}
      {{- include "helm_lib_priority_class" (tuple . "cluster-medium") | nindent 6 }}
      {{- include "helm_lib_pod_anti_affinity_for_ha" (list . (dict "app" .Chart.Name)) | nindent 6 }}
      {{- include "helm_lib_module_pod_security_context_run_as_user_nobody" . | nindent 6 }}
      automountServiceAccountToken: false
      containers:
        - image:  {{ include "helm_lib_module_image" (list . "werfArgocdCmpSidecar") }}
          imagePullPolicy: IfNotPresent
          name: werf-argocd-cmp-sidecar
          {{- include "helm_lib_module_container_security_context_read_only_root_filesystem_capabilities_drop_all" . | nindent 10 }}
          resources:
            requests:
              {{- include "helm_lib_module_ephemeral_storage_logs_with_extra" 1024 | nindent 14 }}
{{- if not ( .Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
              {{- include "resources_werf-argocd-cmp-sidecar" . | nindent 14 }}
{{- end }}
          volumeMounts:
          - mountPath: /var/run/argocd
            name: var-files
          - mountPath: /home/argocd/cmp-server/plugins
            name: plugins
          - mountPath: /tmp
            name: tmp
          - mountPath: /nonexistent
            name: werf-tmp
        - command:
            - sh
            - -c
            - entrypoint.sh argocd-repo-server --redis argocd-redis:6379
          env:
            - name: ARGOCD_RECONCILIATION_TIMEOUT
              valueFrom:
                configMapKeyRef:
                  key: timeout.reconciliation
                  name: argocd-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_LOGFORMAT
              valueFrom:
                configMapKeyRef:
                  key: reposerver.log.format
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_LOGLEVEL
              valueFrom:
                configMapKeyRef:
                  key: reposerver.log.level
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
              valueFrom:
                configMapKeyRef:
                  key: reposerver.parallelism.limit
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_DISABLE_TLS
              valueFrom:
                configMapKeyRef:
                  key: reposerver.disable.tls
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_TLS_MIN_VERSION
              valueFrom:
                configMapKeyRef:
                  key: reposerver.tls.minversion
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_TLS_MAX_VERSION
              valueFrom:
                configMapKeyRef:
                  key: reposerver.tls.maxversion
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_TLS_CIPHERS
              valueFrom:
                configMapKeyRef:
                  key: reposerver.tls.ciphers
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_CACHE_EXPIRATION
              valueFrom:
                configMapKeyRef:
                  key: reposerver.repo.cache.expiration
                  name: argocd-cmd-params-cm
                  optional: true
            - name: REDIS_SERVER
              valueFrom:
                configMapKeyRef:
                  key: redis.server
                  name: argocd-cmd-params-cm
                  optional: true
            - name: REDIS_COMPRESSION
              valueFrom:
                configMapKeyRef:
                  key: redis.compression
                  name: argocd-cmd-params-cm
                  optional: true
            - name: REDISDB
              valueFrom:
                configMapKeyRef:
                  key: redis.db
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
              valueFrom:
                configMapKeyRef:
                  key: reposerver.default.cache.expiration
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS
              valueFrom:
                configMapKeyRef:
                  key: otlp.address
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
              valueFrom:
                configMapKeyRef:
                  key: reposerver.max.combined.directory.manifests.size
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS
              valueFrom:
                configMapKeyRef:
                  key: reposerver.plugin.tar.exclusions
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
              valueFrom:
                configMapKeyRef:
                  key: reposerver.allow.oob.symlinks
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
              valueFrom:
                configMapKeyRef:
                  key: reposerver.streamed.manifest.max.tar.size
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
              valueFrom:
                configMapKeyRef:
                  key: reposerver.streamed.manifest.max.extracted.size
                  name: argocd-cmd-params-cm
                  optional: true
            - name: HELM_CACHE_HOME
              value: /helm-working-dir
            - name: HELM_CONFIG_HOME
              value: /helm-working-dir
            - name: HELM_DATA_HOME
              value: /helm-working-dir
          image: {{ include "helm_lib_module_image" (list . "argocd") }}
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz?full=true
              port: 8084
            initialDelaySeconds: 30
            periodSeconds: 5
          name: argocd-repo-server
          ports:
            - containerPort: 8081
            - containerPort: 8084
          resources:
            requests:
              {{- include "helm_lib_module_ephemeral_storage_logs_with_extra" 1024 | nindent 14 }}
{{- if not ( .Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
              {{- include "resources_argocd-repo-server" . | nindent 14 }}
{{- end }}
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8084
            initialDelaySeconds: 5
            periodSeconds: 10
          {{- include "helm_lib_module_container_security_context_read_only_root_filesystem_capabilities_drop_all" . | nindent 10 }}
          volumeMounts:
            - mountPath: /app/config/ssh
              name: ssh-known-hosts
            - mountPath: /app/config/tls
              name: tls-certs
            - mountPath: /app/config/gpg/source
              name: gpg-keys
            - mountPath: /app/config/gpg/keys
              name: gpg-keyring
            - mountPath: /app/config/reposerver/tls
              name: argocd-repo-server-tls
            - mountPath: /tmp
              name: tmp
            - mountPath: /helm-working-dir
              name: helm-working-dir
            - mountPath: /home/argocd/cmp-server/plugins
              name: plugins
      initContainers:
        - command:
            - cp
            - -n
            - /usr/local/bin/argocd
            - /var/run/argocd/argocd-cmp-server
          image: {{ include "helm_lib_module_image" (list . "argocd") }}
          name: copyutil
          {{- include "helm_lib_module_container_security_context_read_only_root_filesystem_capabilities_drop_all" . | nindent 10 }}
          volumeMounts:
            - mountPath: /var/run/argocd
              name: var-files
          resources:
            requests:
              {{- include "helm_lib_module_ephemeral_storage_logs_with_extra" 1024 | nindent 14 }}
      serviceAccountName: argocd-repo-server
      volumes:
        - configMap:
            name: argocd-ssh-known-hosts-cm
          name: ssh-known-hosts
        - configMap:
            name: argocd-tls-certs-cm
          name: tls-certs
        - configMap:
            name: argocd-gpg-keys-cm
          name: gpg-keys
        - emptyDir: {}
          name: gpg-keyring
        - emptyDir: {}
          name: tmp
        - emptyDir: {}
          name: helm-working-dir
        - name: argocd-repo-server-tls
          secret:
            items:
              - key: tls.crt
                path: tls.crt
              - key: tls.key
                path: tls.key
              - key: ca.crt
                path: ca.crt
            optional: true
            secretName: argocd-repo-server-tls
        - emptyDir: {}
          name: var-files
        - emptyDir: {}
          name: plugins
        - emptyDir: {}
          name: werf-tmp
